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DETAILED ACTION 



Priority 



1 . No claim for priority has been made in this application. 

2. The effective filing date for the subject matter defined in the pending claims in 
this application is 12/27/2000. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



3. Claim 1 - 8, 20 - 24. 33 - 36, 45 - 54. and 71 - 74 are rejected under 35 
U.S.C. 102(e) as being anticipated by Farber (Patent Number: US 6415280 B1), 
hereinafter referred to as Farber 



4. As per claim 1, Farber discloses a network system comprising: 

a. a first device to maintain an original resource (Farber: inter alia, Column 43 Line 

59-61); 



Claim Rejections - 35 USC § 102 
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b. a second device to maintain a replica resource remotely from the first device, the 
replica resource being replicated from the original resource (Farber: inter alia, Column 
43 Line 59-61); 

c. memory to store a cached descriptor corresponding to the original resource 
(Farber: inter alia. Column 12 Line 38 - 43, Column 3 Line 56 - 57, Column 39 Line 24 
- 25 and Figure 1(b): Applicant defines a Descriptor can be a hash function of the 
resource, a calculated checksum (CRC) or any other functional identifier that can be 
formulated to provide a basis for comparison of different instantiations of a resource. 
Farber teaches that a "True Name" of a data item (for example, files, database records 
and the like) obtained by computing a MD, or a hash function, is virtually guaranteed to 
represent the given data item and only that particular data item. Therefore, a True 
Name is qualified as a Descriptor and both of them are served as resource unique 
identifiers); 

d. a security component to determine whether the replica resource will pose a 
security risk to the second device upon receipt of a request for the replica resource, the 
security component (Farber: inter alia. Column 34 Line 45 - 49 and Column 43 Line 62 



e. formulating a descriptor corresponding to the replica resource and comparing the 
fonnulated descriptor with the cached descriptor (Fartjer: inter alia. Column 31 Line 27 - 
30 and Column 37 Line 36 - 42); and 

f. if the formulated descriptor and the cached descriptor are not equivalent, 
fonnuiating a second descriptor corresponding to the original resource and comparing 



-64): 
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the formulated descriptor with the second descriptor (Farber: inter alia, Column 3 Line 
35 - 38 and Column 31 Line 31 - 33). 

5. As per claim 2, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches the security component determines that the replica 
resource is not a security risk if the formulated descriptor and the cached descriptor are 
equivalent (Farber: inter alia, Column 37 Line 12-13 and Figure 28). 

6. As per claim 3, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are 
equivalent, the security component determines that the replica resource is not a security 
risk (Farber: inter alia. Column 37 Line 13-14 Figure 28). 

7. As per claim 4, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are 
equivalent, the security component determines that the replica resource is not a security 
risk, and the cached descriptor is replaced with the second descriptor (Farber: inter alia, 
Column 25 Line 57 - 61 and Column 37 Line 13-17). 

8. As per claim 5, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are not 
equivalent, the security component determines that the replica resource is a security 
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risk, and the replica resource is replaced with a copy of the original resource (Farber: 
inter alia, Column 37 Line 51 - 52 and Column 31 Line 31 -32). 

9. As per claim 6, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, and if the formulated descriptor and the second descriptor are; not 
equivalent, the security component determines that the replica resource is a security 
risk, the replica resource is replaced with a copy of the original resource, and the 
cached descriptor is replaced with the second descriptor (Farber: inter alia. Column 37 
Line 33 - 35). 

10. As per claim 7, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches the security component formulates the cached 
descriptor when the original resource is replicated to create the replica resource 
(Farber: inter alia, Column 37 Line 33 - 35). 

11. As per claim 8, Farber teaches the claimed invention as described above (see 
claim 1). Farber further teaches the security component is configured to determine 
whether the request will pose a security risk to the second device (Farber: inter alia. 
Column 34 Line 48 - 50). 
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12. As per claim 20. Farber discloses a network server comprising: 

a. a server component to receive a request for a resource maintained on the 
network server and. in response to the request, implement security policies to prevent 
unauthorized access to the resource (Farber: inter alia, Column 25 Line 26 - 28); and 

b. a security component that is registerable with the server component during 
run-time to determine whether the resource will pose a security risk to the network 
server upon receipt of the request (Farber: inter alia, Column 43 Line 62 - 63 and 
Column 34 Line 45 - 49). 

13. As per claim 21 , Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches if the security component determines that the 
resource will pose a security risk, the security component redirects the request to 
indicate: that the resource is not available (Farber: inter alia, Column 25 Line 26 - 28). 

14. As per claim 22. Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches: 

a. the security component: formulates a descriptor corresponding to the resource; 
compares the formulated descriptor with a cached descriptor, the cached descriptor 
corresponding to the resource and formulated when the resource is initially requested 
(Farber: inter alia, Column 31 Line 27 - 30, Column 37 Line 36 - 42, Column 14 Line 26 
- 30 and Column 3 Line 56 - 57); and 

b. determines that the resource is not a security risk if the formulated descriptor and 
the cached descriptor are equivalent (Farber: inter alia, Column 37 Line 12 -13 and 
Figure 28). 
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15. As per claim 23. Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, and Column 14 Line 26 - 30); 

b. if the fomiulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; and determines 
that the resource is not a security risk if the formulated descriptor and the second 
descriptor are equivalent (Farber: inter alia, Column 37 Line 13-14 and Figure 28). 

16. As per claim 24, Farber teaches the claimed invention as described above (see 
claim 20). Farber further teaches: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, and Column 14 Line 26 - 30); 

b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 




m 
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file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia. Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; if the formulated 
descriptor and the second descriptor are not equivalent, initiates that the resource 
stored on the network server be replaced with a copy of the original resource 
maintained on the file sen/er (Farber: inter alia. Column 37 Line 51 - 52 and Column 31 
Line 31 - 32); and 

d. initiates that the cached descriptor be replaced with the second descriptor 
(Farber: inter alia, Column 37 Line 33 - 35). 



17. As per claim 33, Farber discloses a computing device comprising an operating 



a. access resources to service requests (Farber, see inter alia, Column 43 Line 62 



b. a security component to determine whether a resource will pose a security risk to 
the computing device upon receipt of a request to access the resource (Farber, see 
inter alia, Column 43 Line 62 - 64, Column 34 Line 45 - 50, and Column 31 Line 30); 

c. the security component configured to: formulate a descriptor corresponding to 
the resource (Farber, see inter alia. Column 31 Line 27 - 30); 



system to: 



-64); 
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d. retrieve a cached descriptor corresponding to the resource the cached descriptor 
stored on a remote second computing device (Farber, see inter alia, Column Line 15 - 
23 and Column 23 Line 41 - 43); 

e. compare the formulated descriptor with the cached descriptor (Farber, see inter 
alia. Column 37 Line 36 - 42); and 

f. determine that the resource is not a security risk if the formulated descriptor and 
the cached descriptor are equivalent (Farber, see inter alia, Column 37 Line 12-13 
and Figure 28). 

18. As per claim 34, Farber teaches the claimed invention as described above (see 
claim 33). Farber further teaches the security component formulates the cached 
descriptor when the resource is initially requested (Farber, see inter alia. Column 14 
Line 26 - 30 and Column 1 3 Line 56 - 57). 

19. As per claim 35, Farber teaches the claimed invention as described above (see 
claim 33). Farber further teaches the security component initiates a remote data server 
to formulate the cached descriptor and store the cached descriptor on the remote 
second computing device when the resource is stored on the computing device (Farber, 
see inter alia. Column 23 Line 15-23 and Column 23 Line 41 - 43: to retrieve and 
store the cache descriptor can be considered as the dual services). 

20. As per claim 36. Farber teaches the claimed invention as described above (see 
claim 33). Farber further teaches if the formulated descriptor and the cached descriptor 
are not equivalent, the security component initiates that the resource be replaced with a 
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copy of the resource maintained on the remote second computing device (Farber, see 
inter alia, Column 25 Line 57 - 61 and Column 37 Line 13-17). 



21 . As per claim 45, Farber discloses a method comprising: 

a. receiving a request for a replica resource stored on a computing device ((Farber, 
see Inter alia. Column 43 Line 58 - 62); 

b. formulating a descriptor corresponding to the replica resource; comparing the 
formulated descriptor with a cached descriptor corresponding to an original resource 
stored on a second computing device remotely located from the computing device, the 
replica resource being replicated from the original resource (Farber, see inter alia. 
Column 31 Line 27 - 30 and Column 37 Line 36 - 42); 

c. determining that the replica resource does not pose a security risk if the 
formulated descriptor and the cached descriptor are equivalent (Farber, see inter alia, 
Column 37 Line 12 - 13 and Figure 28); 

d. if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to the original resource; comparing the 
formulated descriptor with the second descriptor; and determining that the replica 
resource does not pose a security risk if the formulated descriptor and the second 
descriptor are equivalent (Farber, see inter alia. Column 37 Line 13-14 and Figure 28). 
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22. As per claim 46, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches allowing the request if said determining that the 
replica resource does not pose a securi^y risk to the computing device (Farber. see inter 
alia. Figure 28). 

23. As per claim 47. Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches redirecting the request to indicate that the replica 
resource is not available if detennining that the replica resource poses a security risk to 
the computing device (Farber, see inter alia, Figure 28). 

24. As per claim 48, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches replacing the cached descriptor with the second 
descriptor if the formulated descriptor and the second descriptor are equivalent (Farber, 
see inter alia, Column 25 Line 57 - 61 and Column 37 Line 13-17). 

25. As per claim 49. Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches replacing the replica resource with a copy of the 
original resource if the formulated descriptor and the cached descriptor are not 
equivalent, and if the formulated descriptor and the second descriptor are not equivalent 
(Farber. see inter alia, Column 37 Line 51 - 52 and Column 31 Line 31 - 32). 

26. As per claim 50, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches replacing the cached descriptor with the second 
descriptor if the formulated descriptor and the cached descriptor are not equivalent, and 
if the formulated descriptor and the second descriptor are not equivalent (Farber. see 
inter alia. Column 37 Line 33 - 35). 
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27. As per claim 51, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches formulating the cached descriptor when the original 
resource is replicated to create the replica resource (Farber, see inter alia, Column 37 
Line 33 - 35). 

28. As per claim 52, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches formulating the cached descriptor when the replica 
resource is initially requested (Farber, see inter alia. Column 14 Line 26 - 30 and 
Column 3 Line 56 - 57). 

29. As per claim 53, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches determining whether the request will pose a security 
risk (Farber, see inter alia. Column 34 Line 45 - 50 and Column 31 Line 30). 

30. As per claim 54, Farber teaches the claimed invention as described above (see 
claim 45). Farber further teaches determining whether the request will pose a security 
risk; and redirecting the request to indicate that the replica resource is not available if 
determining that the request poses a security risk to the computing device (Farber, see 
inter alia. Figure 28). 



31 . As per claim 71 , Farber discloses a method determining whether an operating 
system can access a resource without a security risk, the method comprising: 
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a. formulating a descriptor corresponding to the resource (Farber, see inter alia, 
Column 31 Line 27 - 30); 

b. retrieving a cached descriptor corresponding to the resource, the cached 
descriptor stored remotely (Farber, see inter alia, Column 23 Line 15-2 and Column 
23 Line 41 -43); 

c. comparing the formulated descriptor with the cached descriptor (Farber, see inter 
alia, Column 37 Line 36-42); and 

d. determining that the resource is not a security risk if the formulated descriptor 
and the cached descriptor are equivalent (Farber, see inter alia, Column 37 Line 12 - 
13 and Figure 28). 

32. As per claim 72, Farber teaches the claimed invention as described above (see 
claim 71). Farber further teaches allowing the operating system to access the resource 
if said determining that the resource is not a security risk (Farber, see inter alia. Figure 
28). 

33. As per claim 73, Farber teaches the claimed invention as described above (see 
claim 71). Farber further teaches formulating the cached descriptor when the resource 
is created (Farber, see inter alia, Column 37 Line 4-17 and Column 17 Line 31 - 43). 

34. As per claim 74, Farber teaches the claimed invention as described above (see 
claim 71). Farber further teaches formulating the cached descriptor when the resource 
is initially requested (Farber. see inter alia. Column 37 Line 4-17). 
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35. Claim 14 - 19 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Brothers (Publication Number: US 2002/0083178), hereinafter referred to as Brothers. 

36. As per claim 14, Brothers discloses a network server comprising: 

a. a server component to receive a request for a resource maintained on the 
network server and, in response to the request, implement security policies to prevent 
unauthorized access to the resource; and a security component that is registerable with 
the server component during run-time to determine whether the request will pose a 
security risk to the network server (Brothers, see inter alia, Page 12 Parag. 0109 Line 
10 -13 and Figures). 

37. As per claim 15, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach if the security component determines that the request 
will pose a security risk, the security component redirects the request to indicate; that 
the resource is not available (Brothers, see inter alia, Page 12 Parag. 0109 Line 17-21 
and Figure 8). 

38. As per claim 16, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach the request designates a resource locator having a 
resource path, the resource path identifying a location of the resource, and wherein the 
security component determines that the request is not a security risk if the resource 
path does not exceed a maximum number of characters (Brothers, see inter alia, Page 
4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 13B). 
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39. As per claim 17, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach the request designates a resource locator having a 
plurality of arguments, and wherein the security component determines that the request 
is not a security risk if individual arguments do not exceed a maximum number of 
characters, and if a total number of characters defining all of the arguments do not 
exceed a maximum number of characters (Brothers, see inter alia. Page 16 Parag. 
0170 Line 6 - 9 and Figure 13B). 

40. As per claim 18, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach the request designates a resource locator having a 
resource identifier, and wherein the security component determines that the request is 
not a security risk if the resource identifier has a valid file extension (Brothers, see inter 
alia, Page 16 Parag. 0170 Line 9-10 and Figure 13B). 

41. As per claim 19, Brothers teaches the claimed invention as described above (see 
claim 14). Brothers further teach: 

a. the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
resource path having a resource identifier (Brothers, see inter alia. Page 4 Parag. 0022 
Line 1 - 3); 

b. the security component determines that the request is not a security risk if: the 
resource path does not exceed a maximum number of characters; individual arguments 
do not exceed a maximum number of characters; a total number of characters defining 
all of the arguments do not exceed a maximum number of characters; and the resource 
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identifier has a valid file extension (Brothers, see inter alia. Page 16 Parag. 0170 and 
Figure 13B). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

42. Claim 9 - 1 3, 55 - 60 and 75 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over FartDer (Patent Number: US 6415280 81), hereinafter referred to as 
Farber (as applied to claim 1 and 8 above), in view of Brothers (Publication Number: US 
2002/0083178). hereinafter referred to as Brothers. 

43. As per claim 9, Farber teaches the claimed invention of resource integrity 
validation in regard to security purpose to guard against virus, malicious changes or 
other problems in a client-server and server-server network environment (see claim 8). 
Farber does not expressly teach the request designates a resource locator. Brothers 
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further disclose the request designates a resource locator (Brothers, see inter alia, Page 
8 Parag. 0087 Line 1 -3). 

44. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brothers within the system of Farber 
because Brothers discloses the resource access in the distributed network environment 
through a secure universal resource locator (URL) in accordance with the emerging 
internet-based web applications. 

45. As per claim 10, Farber teaches the claimed invention as described above (see 
claim 8). Brothers further teach the request designates a resource locator having a 
resource path, the resource path identifying a location of the replica resource, and 
wherein the security component determines that the request is not a security risk if the 
resource path does not exceed a maximum number of characters (Brothers, see inter 
alia. Page 4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 13B). 
Same rational for combination applies here as above in rejecting claim 9. 

46. As per claim 1 1 , Farber teaches the claimed invention as described above (see 
claim 8). Brothers further teach the request designates a resource locator having a 
plurality of arguments, and wherein the security component determines that the request 
is not a security risk if individual arguments do not exceed a maximum number of 
characters, and if a total number of characters defining all of the arguments do not 
exceed a maximum number of characters (Brothers, see inter alia, Page 16 Parag. 
0170 Line 6-9 and Figure 13B). Same rational for combination applies here as above 
in rejecting claim 9. 
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47. As per claim 12, Farber teaches the claimed invention as described above (see 
claim 8). Brothers further teach the request designates a resource locator having a 
resource identifier, and wherein the security component determines that the request is 
not a security risk if the resource identifier has a valid file extension (Brothers, see inter 
alia. Page 16 Parag. 0170 Line 9 - 10 and Figure 13B). Same rational for combination 
applies here as above in rejecting claim 9. 

48. As per claim 13, Farber teaches the claimed invention as described above (see 
claim 1). Brothers further teach: 

a. the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the replica resource and the 
resource path having a resource identifier (Brothers, see inter alia. Page 4 Parag. 0022 
Line 1-3 and Figure 2D); 

b. the security component is configured to determine whether the request will pose 
a security risk to the second device; the security component determines that the request 
is not a security risk if: the resource path does not exceed a maximum number of 
characters; individual arguments do not exceed a maximum number of characters; a 
total number of characters defining all of the arguments do not exceed a maximum 
number of characters; and the resource identifier has a valid file extension (Brothers, 
see inter alia, Page 16 Parag. 0170 Line 9-10 and Figure 13B). 

49. Same rational for combination applies here as above in rejecting claim 9. 
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50. As per claim 55, Farber teaches the claimed invention of resource integrity 
validation in regard to security purpose to guard against virus, malicious changes or 
other problems in a client-server and server-server network environment (see claim 45). 
Farber does not expressly teach uniform resource locator (URL) related subject matters. 
Brothers further disclose the request designates a resource locator having a resource 
path, the resource path identifying a location of the replica resource, and the method 
further comprising determining that the request does not pose a security risk if the 
resource path does not exceed a maximum number of characters (Brothers, see inter 
alia, Page 4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 13B). 

51 . It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Brothers within the system of Farber 
because Brothers discloses the resource access in the distributed network environment 
through a secure universal resource locator (URL) in accordance with the emerging 
internet-based web applications. 

52. As per claim 56, Farber teaches the claimed invention as described above (see 
claim 55). Brothers further teach the request designates a resource locator having a 
plurality of arguments, and the method further comprising determining that the request 
does not pose a security risk if individual arguments do not exceed a maximum number 
of characters, and if a total number of characters defining all of the arguments do not 
exceed a maximum number of characters (Brothers, see inter alia, Page 16 Parag. 
0170 Line 6-9 and Figure 13B). Same rational for combination applies here as above 
in rejecting the claim 55. 
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53. As per claim 57, Farber teaches the claimed invention as described above (see 
claim 55). Brothers further teach the request designates a resource locator having a 
resource identifier, and the method further comprising determining that the request does 
not pose a security risk if the resource identifier has a valid file extension (Brothers, see 
inter alia. Page 16 Parag. 0170 Line 9-10 and Figure 13B). Same rational for 
combination applies here as above in rejecting the claim 55. 

54. As per claim 58, Farber teaches the claimed invention as described above (see 
claim 55). Brothers further teach: 

55. a. the request designates a resource locator having a resource path and 
one or more arguments, the resource path identifying a location of the replica resource 
and the resource path having a resource identifier (Brothers, see inter alia. Page 4 
Parag. 0022 Line 1 - 3 and Figure 2D); 

b. the method further comprising determining that the request does not pose a 
security risk if: the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of characters; a total number of 
characters defining all of the arguments do not exceed a maximum number of 
characters; and the resource identifier has a valid file extension (Brothers, see inter alia, 
Page 16 Parag. 0170 Line 9-10 and Figure 13B). 

56. Same rational for combination applies here as above in rejecting the claim 55. 

57. As per claim 59, Farber teaches the claimed invention as described above (see 
claim 45). The claim recites computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform the 
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method of claim 45. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to select a computing device to sen/e this purpose. 

58. As per claim 60, Farber teaches the claimed invention as described above (see 
claim 58). The claim recites computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform the 
method of claim 58. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to select a computing device to serve this purpose. 

59. As per claim 75, Farber teaches the claimed invention as described above (see 
claim 71). The claim recites computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform the 
method of claim 71 . It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to select a computing device to serve this purpose. 
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60. Claim 25 - 32, 37-44 and 61 - 70 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Brothers (Publication Number: US 2002/0083178), hereinafter 
referred to as Brothers, in view of Farber (Patent Number: US 6415280 B1), hereinafter 
referred to as Farber. 

61 . As per claim 25, Brothers teach: 

a. an Internet server to receive a request for a resource maintained on the network 
server and, in response to the request, implement security policies to prevent 
unauthorized access to the resource (Brothers, see inter alia, Page 12 Parag. 0109 Line 
10- 13 and Figure 8); 

b. a security component that is registerable with the Internet server during run-time, 
the security component having: a validation component to determine whether the 
request will pose a security risk to the network server (Brothers, see inter alia. Page 16 
Parag. 0170). 

62. Brothers do not teach: 

c. an integrity verification component to determine whether the resource will pose a 
security risk to the network server upon receipt of the request. 

63. Farber teaches an integrity verification component to determine whether the 
resource will pose a security risk to the network server upon receipt of the request 
(Farber, see inter alia, Column 34 Line 45 - 50). 

64. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Farber within the system of Brothers 
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because Farber discloses resource integrity validation in regard to security purpose to 
guard against virus, malicious changes or other problems in a client-server and server- 
server network environment as part of emerging internet-based applications. 

65. As per claim 37, Brothers teach a validation component to determine whether a 
request for a resource poses a security risk (Brothers, see inter alia, Page 16 Parag. 
0170). 

66. Brothers do not teach an integrity verification component to determine whether 
the resource poses a security risk. 

67. Farber teaches an integrity verification component to determine whether the 
resource poses a security risk (Farber, see inter alia, Column 34 Line 45 - 50). 

68. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Farber within the system of Brothers 
because Farber discloses resource integrity validation in regard to security purpose to 
guard against virus, malicious changes or other problems in a client-server and server- 
server network environment as part of emerging internet-based applications. 

69. As per claims 26 and 38, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach the request 
designates a resource locator having a resource path, the resource path identifying a 
location of the resource, and wherein the validation component determines that the 
request is not a security risk if the resource path does not exceed a maximum number 
of characters ((Brothers, see inter alia, Page 4 Parag. 0022 Line 1-3, Page 16 Parag. 



Application/Control Number: 09/751 ,016 Page 24 

Art Unit: 2131 

0170 Line 6-9 and Figure 13B). Same rational for combination applies here as above 
in rejecting claim 25 and 37. 

70. As per claims 27 and 39, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach the request 
designates a resource locator having a plurality of arguments, and wherein the 
validation component determines that the request is not a security risk if individual 
arguments do not exceed a maximum number of characters, and if a total number of 
characters defining all of the arguments do not exceed a maximum number of 
characters (Brothers, see inter alia, Page 16 Parag. 0170 Line 6-9 and Figure 13B). 
Same rational for combination applies here as above in rejecting claim 25 and 37. 

71 . As per claims 28 and 40, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach the request 
designates a resource locator having a resource identifier, and wherein the validation 
component determines that the request is not a security risk if the resource identifier 
has a valid file extension (Brothers, see inter alia, Page 16 Parag. 0170 Line 9-10 and 
Figure 13B). Same rational for combination applies here as above in rejecting claim 25 
and 37. 

72. As per claims 29 and 41 , Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Brothers further teach: 

a. the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
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resource path having a resource identifier (Brothers, see inter alia. Page 4 Parag. 0022 
Line 1-3 and Figure 2D); and 

b. the validation component determines that the request is not a security risk if the 
resource path does not exceed a maximum number of characters; individual arguments 
do not exceed a maximum number of characters; a total number of characters defining 
all of the arguments do not exceed a maximum number of characters; and the resource 
identifier has a valid file extension (Brothers, see inter alia, Page 16 Parag. 0170 and 
Figure 13B). 

73. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 

74. As per claims 30 and 42, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Farber further teach: 

75. a. formulates a descriptor corresponding to the resource; compares the 
formulated descriptor with a cached descriptor, the cached descriptor corresponding to 
the resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, Column 14 Line 26 - 30 and Column 
3. Line 56-57); and 

76. b. determines that the resource is not a security risk if the formulated 
descriptor and the cached descriptor are equivalent (Farber: inter alia. Column 37 Line 
12 -13 and Figure 28). 

77. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 
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78. As per claims 31 and 43, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Farber further teach: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, and Column 14 Line 26 - 30); 

b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; and determines 
that the resource is not a security risk if the formulated descriptor and the second 
descriptor are equivalent (Farber: inter alia, Column 37 Line 13-14 and Figure 28). 

79. Same rational for combination applies here as above in rejecting the claim 25 
and 37. 

80. As per claims 32 and 44, Brothers-Farber teaches the claimed invention as 
described above (see claim 25 and 37, respectively). Farber further teach: 

a. formulates a descriptor corresponding to the resource; compares the formulated 
descriptor with a cached descriptor, the cached descriptor corresponding to the 
resource and formulated when the resource is initially requested (Farber: inter alia, 
Column 31 Line 27 - 30, Column 37 Line 36 - 42, and Column 14 Line 26 - 30); 
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b. if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained on a 
file server remotely located from the network server, the resource being replicated from 
the original resource (Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 
-33); 

c. compares the formulated descriptor with the second descriptor; if the formulated 
descriptor and the second descriptor are not equivalent, initiates that the resource 
stored on the network server be replaced with a copy of the original resource 
maintained on the file server (Farber: inter alia, Column 37 Line 51 - 52 and Column 31 
Line 31 -32); and 

d. initiates that the cached descriptor be replaced with the second descriptor 
(Farber: inter alia, Column 37 Line 33 - 35). 

81 . Same rational for combination applies here as above in rejecting the claim 25 
and 37. 



82. As per claim 61 , Brothers teach: 

a. receiving a request for a resource (Brothers, see inter alia, Figure 2D); 

b. implementing security policies to prevent unauthorized access to the resource 
(Brothers, see inter alia. Figure 8); 
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c. determining whether the request will pose a security risk (Brothers, see inter alia. 
Page 16 Parag. 0171); 

83. Brothers do not teach determining whether the resource will pose a security risk 
if allowing the request. 

84. Farber teaches determining whether the resource will pose a security risk if 
allowing the request (Farber, see inter alia. Column 34 Line 45 - 50). 

85. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Farber within the system of Brothers 
because Farber discloses resource integrity validation in regard to security purpose to 
guard against virus, malicious changes or other problems in a client-server and server- 
server network environment as part of emerging internet-based applications. 

86. As per claim 62, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). The claim recites allowing the request for the resource if 
determining that the request does not pose a security risk and if determining that the 
resource does not pose a security risk. Brothers further teach the request can't be 
allowed if determining the request poses a security risk (Brothers, see inter alia, Figure 
8) and subsequently Farber also teaches the access to the resource can't be allowed if 
determining the resource poses a security risk. This is because the True Name (i.e. 
unique resource ID) has been changed (Farber, see inter alia, Figure 28). Same 
rational for combination applies here as above in rejecting the claim 61. 

87. As per claim 63, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). Brothers further teach the request designates a resource locator 
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having a resource path, the resource path identifying a location of the resource, and the 
method further comprising determining that the request does not pose a security risk if 
the resource path does not exceed a maximum number of characters (Brothers, see 
inter alia. Page 4 Parag. 0022 Line 1 - 3, Page 16 Parag. 0170 Line 6 - 9 and Figure 
13B). Same rational for combination applies here as above in rejecting the claim 61 . 

88. As per claim 64, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). Brothers further teach the request designates a resource locator 
having a plurality of arguments, and the method further comprising determining that the 
request does not pose a security risk if individual arguments do not exceed a maximum 
number of characters, and if a total number of characters defining all of the arguments 
do not exceed a maximum number of characters (Brothers, see inter alia, Page 16 
Parag. 0170 Line 6-9 and Figure 13B). Same rational for combination applies here as 
above in rejecting the claim 61 . 

89. As per claim 65, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). Brothers further teach the request designates a resource locator 
having a resource identifier, and the method further comprising determining that the 
request does not pose a security risk if the resource identifier has a valid file extension 
(Brothers, see inter alia. Page 16 Parag. 0170 Line 9-10 and Figure 13B). Same 
rational for combination applies here as above in rejecting the claim 61. 

90. As per claim 66, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). Farber further teaches: 
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a. formulating a descriptor corresponding to the resource; comparing the formulated 
descriptor with a cached descriptor corresponding to the resource and formulated when 
the resource is initially requested (Farber: inter alia, Column 31 Line 27 - 30, Column 
37 Line 36 - 42, Column 14 Line 26 - 30 and Column 3 Line 56 - 57; and 

91 . b. determining that the resource does not pose a security risk if the 
formulated descriptor and the cached descriptor are equivalent (Farber: inter alia, 
Column 37 Line 12 - 13 and Figure 28). 

92. Same rational for combination applies here as above in rejecting the claim 61. 

93. As per claim 67, Brothers-Farber teaches the claimed invention as described 
above (see claim 61 ). Farber further teaches: 

a. formulating a descriptor corresponding to the resource; comparing the formulated 
descriptor with a cached descriptor corresponding to the resource and formulated when 
the resource is initially requested (Farber: inter alia, Column 31 Line 27 - 30, Column 
37 Line 36 - 42. and Column 14 Line 26 - 30); 

b. determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent; if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor corresponding to 
an original resource remotely located, the resource replicated from the original source 
(Farber: inter alia, Column 3 Line 35 - 38 and Column 31 Line 31 - 33); 

c. comparing the formulated descriptor with the second descriptor; and determining 
that the resource does not pose a security risk if the formulated descriptor and the 
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second descriptor are equivalent (Farber: inter alia, Column 37 Line 13-14 and Figure 
28). 

94. Same rational for combination applies here as above in rejecting the claim 61 . 

95. As per claim 68, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). Farber further teaches: 

96. formulating a descriptor corresponding to the resource; comparing the formulated 
descriptor with a cached descriptor corresponding to the resource and formulated when 
the resource is initially requested (Farber: inter alia, Column 31 Line 27 - 30, Column 
37 Line 36 - 42. Column 14 Line 26 - 30 and Column 3 Line 56 - 57); 

b. determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent (Farber, see inter alia, Column 37 
Line 12 - 13 and Figure 28); 

c. if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to an original resource remotely located, 
the resource replicated from the original resource (Farber, see inter alia, Column 3 Line 
35 - 38 and Column 31 Line 31 - 33); 

d. comparing the formulated descriptor with the second descriptor; and determining 
that the resource does not pose a security risk if the formulated descriptor and the 
second descriptor are equivalent (Farber, see inter alia. Column 37 Line 13-14 and 
Figure 28); 

e. if the formulated descriptor and the second descriptor are not equivalent, 
replacing the resource with a copy of the original resource and replacing the cached 
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descriptor with the second descriptor (Farber, see inter alia, Column 37 Line 51 - 52, 
Column 31 Line 31 - 32 and Column 37 Line 33 - 35). 

97. . Same rational for combination applies here as above in rejecting the claim 61 . 

98. As per claim 69, Brothers-Farber teaches the claimed invention as described 
above (see claim 61). The claim recites computer-readable medium comprising 
computer executable instructions that, when executed, direct a computing system to 
perform the method of claim 61 . It would have been obvious to a person of ordinary 
skill in the art at the time the invention was made to select a computing device to serve 
this purpose. 

99. As per claim 70. Brothers-Farber teaches the claimed invention as described 
above (see claim 68). The claim recites computer-readable medium comprising 
computer executable instructions that, when executed, direct a computing system to 
perform the method of claim 68. It would have been obvious to a person of ordinary 
skill in the art at the time the invention was made to select a computing device to serve 
this purpose. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 703-305-0710. 
The examiner can normally be reached on Monday-Friday 8:00am-5:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supen/isor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infomiation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toil-free). 
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